Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
Chip Panarchy wrote:
>
> 1x Server (no need to go into specs, but let's just say 8GB of RAM and
> 2x Intel Quad CPU at 2.66GHz)
> 500x Windows Computers (400x Windows XP, 94x Windows Vista and 6x Windows 7)
> 80x Linux Computers (Ubuntu... and others?)
> 46x Mac OS X Computers (Including 10x Tiger, 34x Leopard and 2x Snow Leopard)
> 3x FreeBSD (2x v7, 1x v9)
>
>
> 1. Which Server Operating system should I install on my Server?

Whichever one you're competent with. There's no point installing an
operating system you won't be able to use effectively, no matter how
highly recommended it is. Windows Server, Linux, BSD, and so on.

> 3. What is the best way to have 256-bit encryption of all traffic on
> this network?

Hmm, I don't know. IPSec, probably.

> 4. Is it possible to have Shared folders, yet still attain a
> high-level of security on this Network?

Define "high-level of security". Does your definition of "secure" mean
"no shared folders"?

> 5. Would it be possible to have Centralised Storage/Resources?

Yes.

> 6. Could it be possible to have a Centralised User Account database,
> for this entire network?

Yes.

> 7. Would you think it a good idea to use a Debian server for Repositories?

Repositories of what? Debian makes a good server. You're probably going
to want more than 1 server for that network, btw.

Chris

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Problems after sendmail security upgrade
Emmanuel Halbwachs wrote:
> We are experiencing problems after the sendmail security upgrade on
> our mailhost.

What sort of problems, exactly?

> - is there a way to downgrade the sendmail packages to the previous
> version before the security fix ? (i. e. something with apt-pinning)

If you can find a .deb of the package version you want, something like:

    dpkg --force-downgrade --install sendmail-whatever.deb

should do the trick. Be aware that forcing a downgrade doesn't check for
dependencies on the newer, replaced version of the package.

--
Chris Hilts
[EMAIL PROTECTED]
Say it with flowers -- Send them a triffid!
Re: Allow root to telnet
On Thu, Apr 18, 2002 at 11:28:28AM +0800, Michael Watts wrote:
> Hi,
>
> I am having trouble with a few services and want to allow root to telnet
> to a Debian 2.2r5 system for testing purposes, but can not find the way
> to allow this to happen.

You really really really do not want to do this. You don't mention if
the machine in question is on the internet, but regardless it's a bad
idea. If you really must enable remote access, please consider using ssh
instead. Generally speaking you never want to enable remote root logins,
you should instead have a regular user account log in and then use su.

> I have had a look through the man pages, and looked into /etc/securetty
> but get stuck there. Do I have to add an entry for telnet to securetty
> to allow root to login that way?

Yes, that is correct. By default /etc/securetty on most distributions
only permits root logins from the console. I don't believe sshd observes
/etc/securetty though, so if you decide to use ssh you'll want to take a
look at the "PermitRootLogin" parameter. (And preferably set it to "no")

> Also, how would I allow telnet to be accessed on more than one port at a
> time. I may need to allow it on port 23 and (omniback backup
> software port), but can only seem to allow one or the other, not both.
> How can I allow both 23 and to accept telnet?

A port can only be used by one application at a time. You can't have
telnet and omniback listening to port together. There are a lot of
unused ports available, is having telnet listen to, for example, an
option?

I hope this helps.

Chris Hilts
[EMAIL PROTECTED]
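
The two settings named in the reply above, checked together. This is an added example, not part of the original message: the function names are hypothetical and the securetty and sshd_config contents are constructed samples written to a temporary directory. It assumes telnet sessions are given pseudo-terminals named pts/N or ttypN.

```shell
#!/bin/sh
# Added example. File contents below are constructed samples.

# Effective global PermitRootLogin: sshd takes the first occurrence of a
# keyword (case-insensitive); a Match block ends the global section.
effective_permit_root_login() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# securetty entries naming pseudo-terminals (what a telnet session gets),
# i.e. the lines that let root log in over the network.
network_root_ttys() {
    grep -E '^(pts/[0-9]+|ttyp[0-9a-f])$' "$1" || true
}

# Returns 0 only if root is confined to local ttys and sshd refuses root.
audit_root_login() {   # $1 = securetty file, $2 = sshd_config file
    rc=0
    ttys=$(network_root_ttys "$1")
    if [ -n "$ttys" ]; then
        echo "securetty: root allowed on:" $ttys
        rc=1
    fi
    prl=$(effective_permit_root_login "$2")
    if [ "$prl" != "no" ]; then
        echo "sshd_config: PermitRootLogin is '$prl', want 'no'"
        rc=1
    fi
    return $rc
}

demo=$(mktemp -d)
printf '%s\n' console tty1 pts/0 pts/1 > "$demo/securetty.weak"
printf '%s\n' console tty1 > "$demo/securetty.ok"
# An earlier "yes" shadows the later "no".
printf '%s\n' 'Port 22' 'permitrootlogin yes' 'PermitRootLogin no' > "$demo/sshd.weak"
printf '%s\n' '# hardened' 'Port 22' 'PermitRootLogin no' > "$demo/sshd.ok"

audit_root_login "$demo/securetty.weak" "$demo/sshd.weak" || echo "=> remote root login possible"
audit_root_login "$demo/securetty.ok" "$demo/sshd.ok" && echo "=> root limited to console and su"
```

A value of "unset" means the global section does not set the keyword, so the compiled-in default of the installed sshd version applies.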
Re: Re: How do I disable (close) ports?
> On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote:
>> It seems to. The above ports were closed just by commenting them out
>> of /etc/services and then rebooting.
> An init 1, init 3 would have worked as well.

Correct me if I'm wrong here, but why would you comment things out of
/etc/services? Try /etc/inetd.conf or /etc/xinetd.conf

/etc/services just maps ports to service names.

Chris
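
The distinction drawn in the reply above, as an added example that is not part of the original message: inetd.conf decides which services are started, and the services file is consulted only to turn a name into a port. The function names are hypothetical and both files are constructed samples in a temporary directory.

```shell
#!/bin/sh
# Added example. The inetd.conf and services contents are constructed samples.

# Print "name port/proto" for every active inetd.conf entry. The services
# file is read only to translate the name into a port number.
inetd_enabled() {   # $1 = inetd.conf, $2 = services
    awk '
        NR == FNR {                     # first file: services
            if ($1 !~ /^#/ && NF >= 2) port[$1 "/" substr($2, index($2, "/") + 1)] = $2
            next
        }
        $1 !~ /^#/ && NF >= 6 {         # second file: uncommented inetd entries
            key = $1 "/" $3
            print $1, ((key in port) ? port[key] : "unresolved")
        }
    ' "$2" "$1"
}

# Comment a service out of inetd.conf; inetd rereads the file on SIGHUP.
inetd_disable() {   # $1 = inetd.conf, $2 = service name
    tmp=$(mktemp)
    awk -v svc="$2" '$1 == svc { print "#" $0; next } { print }' "$1" > "$tmp"
    mv "$tmp" "$1"
}

d=$(mktemp -d)
cat > "$d/services" <<'EOF'
ftp     21/tcp
telnet  23/tcp
finger  79/tcp
EOF
cat > "$d/inetd.conf" <<'EOF'
ftp     stream tcp nowait root    /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet  stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
#finger stream tcp nowait nobody  /usr/sbin/tcpd /usr/sbin/in.fingerd
EOF

before=$(inetd_enabled "$d/inetd.conf" "$d/services")
inetd_disable "$d/inetd.conf" telnet
after=$(inetd_enabled "$d/inetd.conf" "$d/services")
printf 'before:\n%s\nafter:\n%s\n' "$before" "$after"
```

The services file is left untouched throughout, so the name-to-port mapping for telnet stays available to every other program that looks it up.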